The present invention relates generally to methods and apparatuses for paying for goods and services, and more particularly to a method and apparatus for paying for goods and services using a credit-card having embedded memory and logic processing capability, also known as a smart card.
The history of smartcard technology originated with the concept of installing computer memory on a plastic card, which led to the development of the first chip cards in the mid-1970s. Early chip cards were based on EEPROM technology (electrically erasable programmable read-only memory) and featured fixed digital logic circuits. These cards, known as memory cards, found initial applications as healthcare ID cards and telephone payment cards.
In order to attract a worldwide user base, however, chip cards had to offer a greater range of features and applications to consumers than were already available through inexpensive magnetic strip cards, such as those employed as standard credit cards, which relied upon the concept of storing information on a magnetic strip. One possible area of differentiation was the provision of improved security, since problems with fraud had persisted for years in the credit card industry. This was due, in part, to the fact that the memory contents of a stolen magnetic strip card could be read and copied into counterfeit cards using relatively unsophisticated equipment.
Consequently, chip card developers began to look for ways to increase the chip's processing power, to reduce the amount of time it took for information to be transferred between the card and the reader and, most importantly, to enhance the data security of the card. These efforts led to the development of the smartcard, a chip card with a microcontroller incorporated into it. The microcontroller and its associated software provided a platform for a wide range of benefits and, in particular, allowed the smartcard to become a formidable barrier against credit and bank card fraud. Unlike a conventional credit card, a smartcard equipped with a microcontroller has the ability to encrypt information and store it in areas of the card that are designed to be unreadable. This helps prevent unauthorized reading and subsequent theft of the data. The effect of the smartcard from a security standpoint has been profound; in France, for example, where smartcards have been in public use since 1992, credit and bankcard fraud has been reduced dramatically.
There is, nonetheless, a continuing need to provide chip cards with improved security features, since the tools available to perpetrators of fraud have become more sophisticated. Moreover, a number of smartcards previously thought to be tamperproof have been successfully hacked. Thus, in a paper by R. Anderson and M. Kuhn entitled "Tamper Resistance—A Cautionary Note" and published by the USENIX Association in The Second USENIX Workshop on Electronic Commerce Proceedings, Oakland, Calif., pp. 1-11 (Nov. 18-21, 1996), the authors concluded that "smartcards are broken routinely, and even a device that was described by a government signals agency as 'the most secure processor generally available' [the Dallas Semiconductor DS5000 series] turns out to be vulnerable . . ." Indeed, the authors describe in detail methodologies that may be employed to successfully attack various smartcards, including the DS5000 series. While some of these techniques require sophisticated (though increasingly available) equipment and skilled hackers to implement, many of these methodologies also involve rudimentary techniques that require only inexpensive, commonly available materials and equipment. One such technique was reported to involve tools and materials that were obtained for $30 at a pharmacy.
Generally speaking, card fraud is facilitated if a person intent on tampering with a chip card can gain access to the card's components without destroying them in the process. This is due, in part, to the fact that some of the security features of the card rely on certain components remaining inaccessible. For example, the memory components of a chip card cannot be read and decrypted if they are not accessible in the first place. Hence, the security of a chip card can be improved by ensuring that the card's internal components remain inaccessible.
In this respect, the battery system of a chip card is a potential weakness, because conventional battery systems require openings for the release of gases that are formed during their use. These openings provide an access point that can be exploited by someone intent on tampering with the card. On the other hand, the battery system is an important component of modern chip cards, since it frees the card from reliance on an external power source (which itself entails security risks) and enables other features, such as internal clocks, that increase the utility of the card. There is thus a need in the art for a chip card that overcomes this infirmity. In particular, there is a need in the art for a chip card equipped with a battery system that does not require venting or which can otherwise be made inaccessible.
One common technique of attacking a smartcard involves the physical removal of the plastic backing from the smart card by means of a sharp knife or lathe so as to expose the chip module. The chip module is typically encased in a coating of epoxy resin, which can be readily removed by treatment with fuming nitric acid followed by shaking in acetone. After removal of the epoxy layer, the chip module, which is still fully functional, may be exposed to microprobing experiments to determine the memory contents. There is thus a need in the art for a chip card that is resistant to this type of attack.
The present invention is therefore directed to the problem of developing a method and apparatus for powering a smart card, charging the power source and protecting the smart card from tampering without overloading the smart card with hardware and processing capability.
In one aspect, the present invention relates to a chip card comprising a thin film battery that does not require venting. The battery preferably employs a solid-state electrolyte such as LiPON. Such a card is advantageous in that the battery may be hermetically sealed inside of the card, thereby making the card more tamper resistant. By contrast, prior art chip cards which rely on conventional battery systems must provide one or more openings for the venting of off-gases, which openings can be exploited for the purposes of tampering with the card.
In another aspect, the present invention relates to a chip card comprising a substrate, a volatile memory device (such as an SRAM device) disposed on the substrate, and a battery which is in electrical contact with the memory device by way of first and second conductive elements which have opposite polarity. The memory device, and those portions of the first and second conductive elements in the vicinity of the memory device, are encapsulated in an epoxy resin. Consequently, if an attempt is made to remove the epoxy resin from the memory device (or from a chip module which includes the memory device) by exposing the device to nitric acid, the epoxy resin will also be removed from the first and second conductive elements. Since nitric acid is a highly conductive medium, this will result in a short circuit of the battery and subsequent disruption in the power supply. Since the memory employed in the card is volatile, the disruption in the power supply will purge the memory, thereby rendering the card useless for the purposes of fraud.
According to another aspect of the present invention, a method and apparatus for charging the battery is provided. In particular, one embodiment employs a digital pulse output directly from a digital integrated circuit, such as a microcontroller or microprocessor, to trickle charge the battery whenever the device is connected to an external power source. By coupling the battery directly to the digital device, analog circuit devices are avoided, thereby avoiding the concomitant cost and real estate associated with such devices.
According to another aspect of the present invention, the microprocessor uses a pseudorandom sequence of pulses to trickle charge the battery. This pseudorandom sequence creates emissions that tend to mask the emissions output by other parts of the microprocessor, which emissions could be used to fraudulently gain access to the smart card in a reverse engineering process.
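The pseudorandom trickle-charge pulse train described above can be sketched in firmware as follows; this is an added example, not code from the patent. It assumes a 16-bit Galois LFSR as the pulse source (the text names no generator) and uses hypothetical names (`charger_init`, `charger_tick`, `count_high_ticks`); a real card would seed it from an unpredictable source, since an LFSR with a known seed is fully predictable.

```c
#include <stdint.h>
#include <stdio.h>

/* 16-bit Galois LFSR, taps x^16 + x^14 + x^13 + x^11 + 1 (mask 0xB400).
 * Maximal length: visits all 65535 nonzero states before repeating.
 * Assumption: the generator choice is illustrative, not from the patent. */
static uint16_t lfsr_step(uint16_t s)
{
    uint16_t lsb = s & 1u;
    s >>= 1;
    if (lsb)
        s ^= 0xB400u;
    return s;
}

struct charger {
    uint16_t state;     /* LFSR state; must never be 0 (lock-up state) */
    uint8_t  threshold; /* pin is high when the low byte is below this value */
};

void charger_init(struct charger *c, uint16_t seed, uint8_t threshold)
{
    c->state = seed ? seed : 1u;  /* an all-zero seed would freeze the LFSR */
    c->threshold = threshold;
}

/* Advance one tick; returns the level (0 or 1) to drive on the charge pin. */
int charger_tick(struct charger *c)
{
    for (int i = 0; i < 8; i++)   /* 8 steps shift a new byte into the low position */
        c->state = lfsr_step(c->state);
    return (c->state & 0xFFu) < c->threshold;
}

/* Count high ticks over nticks: the average charge current scales with this. */
uint32_t count_high_ticks(uint16_t seed, uint8_t threshold, uint32_t nticks)
{
    struct charger c;
    uint32_t high = 0;
    charger_init(&c, seed, threshold);
    for (uint32_t t = 0; t < nticks; t++)
        high += (uint32_t)charger_tick(&c);
    return high;
}

int main(void)
{
    /* Constructed values: seed 0xACE1, threshold 64 (about 25% duty). */
    printf("%u high ticks of 65535\n",
           (unsigned)count_high_ticks(0xACE1u, 64, 65535u));
    return 0;
}
```

The threshold fixes the long-run duty cycle, and therefore the average charge current, while the position of each individual pulse varies from tick to tick.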